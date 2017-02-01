Hacker News
Social Media Needs a Travel Mode (idlewords.com)
87 points by jmduke 45 minutes ago | 67 comments





To be effective, this would need to become a kind of norm for overseas travelers, the same way traveler's checks used to be. The idea would be that just as you don't carry a bag with your birth certificate, stock certificates, property titles, and jewelry with you, you also don't carry a 10 year archive of every email you've ever sent or a detailed list of every person you've ever spoken to.

In particular, it needs to be normal enough that a significant fraction of all travelers do it. The feature can't be marketed as a protection for at-risk travelers, but as a common-sense safety mechanism useful to all travelers.

I think it's crazy that people walk around with phones that have access to years of email communications, and that even in the happiest timeline we could have ended up on after 2016, features like this are long overdue.

Good point, but it doesn't need to be anywhere near a majority. If just 1% of travelers use it, it would not trigger more than a few extra questions. Especially if those 1% are mostly computer professionals where deeper questioning hardly ever turns up anything.

One feature I'd like with this travel mode is having a log of every bit of data that was accessed during the trip. At least then I would know how much was copied. Some kind of rate limiting would be good too, so they cannot just copy everything.

>>In particular, it needs to be normal enough that a significant fraction of all travelers do it.

Yes, exactly.

Border agents are trained to look for anything out of the ordinary. Currently, using a feature like this would immediately raise a huge red flag and encourage more questioning, detention and possibly even deportation based on the person's country of origin and the mood of the border agent.

Incidentally, that's why I think there is virtually zero chance for these types of features to take off: the system strongly discourages early adopters from trying them.

> Incidentally, that's why I think there is virtually zero chance for these types of features to take off: the system strongly discourages early adopters from trying them.

That can be addressed by how it is marketed. Instead of calling it "Travel mode," it could be called "Work mode" or something like that. Commercials could target college students going home to visit parents and not wanting parents to see all their crap or that sort of thing.

Right, the idea is that US travelers would kick-start the norm by travel-locking their accounts; they're at little risk while traveling. It might take many months or even years before travel locks were normed enough that at-risk travelers could rely on them, but that just means we should get started on these features sooner than later.

Why not go further with the idea of a Travel Mode toggle and have it be tied to the device itself? This cuts out any possibility of any data being left on the device from being analyzed easily, social media or otherwise.

Google and/or Apple could add this as a new menu toggle similar to Airplane mode. Once switched on, while in an airport, it prevents the device from being unlocked. Then by utilizing geofencing, once the device leaves the airport it unlocks and can be used again.

I'd been thinking about a similar thing: a "limited access for border guards" mode.

Basically, you can turn over the phone to border guards in a way which gives them access to what is on the phone, but which logs actions, and allows you to easily revert/revoke any changes they make. (This would also be a mode you'd turn over to an employer demanding access).

Potentially this mode might also block access to certain things (secret FB groups, archives over a certain age, some chat logs), but would otherwise be fully functional.

The benefit would mainly be that all actions taken would be logged and reportable, as a way to try to keep authorities from poking in places they shouldn't. It seems they are NOT mostly using forensic imaging tools, but logging in directly on the devices, at least right now, so there would be some value.

This is completely naive.

Firstly, social media's only incentive is to make your data as widely available as possible (in the interests of ad revenue), and maintain a good relationship with the government in their jurisdiction. Every other existing "privacy" setting on Facebook, LinkedIn, etc is already obfuscated to the point of unusability, for this reason, and "travel mode" would be no different.

Secondly, let's imagine that FB did implement a watertight "travel mode" that hid your embarrassing data effectively while you were travelling. Third parties would just start capturing and storing posts while you have "travel mode" off, and sell that to CBP, or whoever else wants to pay for it.

People who care deeply about these issues work at Facebook and Google.

He's pointing out what social media companies should do, not predicting that they'll actually do it. That is not naive. Imagine what would happen to the Overton window if we never talked about what people should do, even when we expect them never to do it.

It's not like they couldn't make you turn travel mode off if they wanted to. How about pushing for a law closing this 4th amendment loophole at the borders, at least for citizens?

Not that it'd do much. If the border agents really want to see one's social media accounts, I have zero doubt they can get that data from other government agencies. In fact, they probably already have it. It sounds to me like they're just trying to assert their power and dominance over the people whose accounts they are demanding access to as a way to get off on intimidating others. Pretty typical behavior by law enforcement officers the world over.

The idea is that they cannot in fact make you turn travel mode off, because travel mode doesn't turn off. It's a time lock. The point is that while locked, Facebook and Google Mail are still usable; they just don't have your whole history available on them.

If we stipulate that your second paragraph is true, then travel mode is in fact a complete countermeasure to that behavior. (I don't think it's true).

Why wouldn't they just detain you until the time runs out?

Ideally it would not be evident that the account is in travel mode.

I think that would be difficult to achieve. If it's minimal enough to achieve the goal, it's minimal enough to look like travel mode.

If the only goal is to refuse them access to your account, you can do that already. Your devices will be confiscated, non-citizens will be refused entry, but you can do it if your device encryption is strong enough.

The goal here seems to be to give you the ability to get through the border without giving up your information. If it looks like "trip mode", it's failed at that goal, and I'm not sure it's possible to make it both mainstream and stealthy enough to work.


How can it possibly be non-evident?

A travel-locked Facebook account should just look like a quieter Facebook account.

So, pretty evident from the most casual analysis.

I don't think any part of the proposal depends on it not being possible to detect whether an account is travel-locked, but I'm curious about why you think it's so straightforward to tell if an account is locked?

Surely, if this became popular, CBP would simply start asking aliens seeking entry whether their accounts were travel locked. And the standard advice would be, "never lie to CBP".

But I'm still curious about why you think this would be so obvious.


Because indefinite detention is not something they can lawfully do (in US, today).

In contrast, suspending 4th amendment at border has been made lawful by the courts.

Because the time lock would be so long as to make it impractical to do that.

Wouldn't that also render your account essentially useless when your trip is over? (Unless you're traveling for, what, years at a time?)

No, again, the point of the travel lock isn't that you can't use Facebook at all, but rather that your history and social graphs are restricted. For most ordinary purposes, Facebook will probably get more usable while travel-locked.

Exactly - the correct solution is that border inspection of luggage (for contraband) NOT be considered a legal basis for searching my information storage.

Warrantless search of gadgets / accounts should be prohibited for citizens. For non-citizens, it should require a significant justification.

Finally, NONE of the data examined at the border should be stored for longer than necessary to reach a go/no-go determination.

While you get to work on repealing 223 years of jurisprudence about border searches, how about we explore things tech companies can do in the immediacy to mitigate their impact?

They don't have to detain you at all, they just have to deny you entry. Travel mode on? GTFO!

In fact, this is already happening: http://www.dailyxtra.com/canada/news-and-ideas/news/us-custo...

> “They said, ‘Next time you come through, don’t have a cleared phone,’ and that was it. I wasn’t let through.

Technological countermeasures don't seem to work. Sure, they work in the sense that they protect your data, but if the border guy doesn't like you, technology won't save you. You will be sent on your way.

If they get your password, can't they just turn off travel mode for you? Or wait until you do the same? I don't know that there is a technical answer here except wiping your phone/laptop before you go through customs.

The real solution is a political one where we speak up and legislate and litigate that the 4th amendment applies at the border.

> The real solution is a political one where we speak up and legislate and litigate that the 4th amendment applies at the border.

Considering the tiny percentage of Americans that travel overseas or even hold passports, I'm not sure a political solution is realistic. I think we might be outnumbered by the people who don't care about such privacy issues because it will never affect them.

Wiping your stuff does no good at all. As pointed out in the article, they know who is on the flight hours before you land. They'll know you have a Facebook profile. The difference between having a laptop already logged into Facebook and a wiped laptop with no data is quite literally the time it takes them to tell you to type in the password for them. Ignorance isn't an escape clause.

Which is, I think, the same problem Maciej's solution faces. Border patrol can possibly just see that you've enabled "trip mode" (by the anemic presence) and put you back on a plane. You're welcome to try again after your trip mode expires, but if they want to see your account, there is, as sure as mathematical logic, no possible "out". Anything you do to deny them that access can be grounds to refuse you entry (if you're a non-citizen).

You're right that the only real solution is a political one. Unfortunately, there are no political solutions to any problem anymore. Not in the US at least. The days when government was even interested in solving problems are gone and I doubt they're ever coming back.

If you're an at-risk traveler, you'd enable travel-lock pretty much as soon as you decide on your itinerary, potentially before you ever get on an airline manifest.

The thing I think I see a lot of people missing here is that travel-lock doesn't wipe or disable your accounts; it just restricts history and breadth. For a lot of people, I think these services will get easier and more pleasant to use while travel-locked, so it's relatively painless to give yourself a generous margin before departing and after arriving.

> The difference between having a laptop already logged into Facebook and a wiped laptop with no data is quite literally the time it takes them to tell you to type in the password for them.

No, that's not how it works. Border agents are entitled to "search" your laptop. They can't force you to retrieve arbitrary data from a remote server.

All this with the caveat that they can, of course, refuse non-citizens for basically any reason.

From the article:

> To work effectively, a trip mode feature would need to be easy to turn on, configurable (so you can choose how long you want the protection turned on for) and irrevocable for an amount of time chosen by the user once it’s set. There’s no sense in having a ‘trip mode’ if the person demanding your password can simply switch it off, or coerce you into switching it off.

It doesn't even have to be a time lock, what if you left behind a key or random passcode at home that could be used to switch it off when you return?

Then if border agents really want to get in to a particular individual's device, they'll just detain them (or seize their device) until trip mode automatically turns off.

They would be required to detain people for an indeterminate amount of time, potentially weeks. The idea is that it's impractical (and also illegal) for them to do that. If enough people travel-locked their accounts, invasive social media monitoring would be off the table.

CBP is not allowed to detain US citizens past some nebulous limit measured in hours.

My gut feeling is that non-US citizens are more likely to be affected by this CBP policy than US citizens. Don't get me wrong here, happy if some solution works for some subset of people, but as a non-US citizen I want something that works for me.

TillE: If you're immigrating (this includes green card holders) to the USA, and have lived there for years, that isn't a very practical solution.


Hey, you have an easy solution: never ever visit the US. The overwhelming majority of non-citizens passing through the border are on some kind of temporary visit, so it's relatively easy to choose to stay the hell away.

That's a very defeatist position. Isolationism won't help either the political situation in the world at large or the situation in the US right now. The US is a great place to visit, a great place to do business in, and a great place to live in. Not to mention that many, many people that are affected by this policy are non-citizens that are in the process of becoming a citizen (either formally, or not started yet).

My parents and my partner are in the US. They lived there most of their lives, but I am not a US citizen. Are you telling me that I should just give up on my family?


I agree with you. Non-citizens traveling to the US are in a very bad position right now.

This is addressed in the article: you say how long travel mode should last and once set it cannot be undone, even by the owner of the account.

An article with an interesting suggestion and a noble goal but I'm not the first one to say it:

Technology cannot solve the problem we currently face with erosion of privacy at the border! These clever tricks trying to get around the issue only kick the problem downfield, and likely won't effectively work. If they found out you have travel mode enabled - you may be denied entry or worse (note the comment from @mholt) - they would just detain you until the time lock runs out.

They can't detain US citizens longer than a few hours.

What is actually needed is a dead man's switch: a secondary password that, when entered, destroys the security enclave/TPM to render the device unreadable.

I'd love to see travel modes take off. I was talking with some friends about how great it would be to be able to switch my login credentials to some sort of shared multiple person-required password for the duration of a flight. Like Shamir's Secret Sharing, but temporarily.

One thing I wonder about is how quickly a travel mode would become grounds for denial of entry.

It's a real concern for non-citizens. US citizens can't be denied entry.

Or how quickly Facebook/Google/Twitter would comply with some classified FBI/NSA directive to provide the data anyway.

The first mistake is trusting these networks with your personal life in the first place. Nothing can erase that except your ability and willpower to keep your secrets to yourself.

Note that CBP does not have access to all the data NSA has gathered. If they did, we wouldn't be talking about this at all; they'd already have everything they wanted.

Relying on dysfunctional communication between portions of government doesn't seem like a sustainable strategy.

Illegitimate government actions are sort of out of scope for this discussion though (which is about convincing companies to mitigate legitimate government actions).

As for your second point, there's no going back for an awful lot of people. And holding that aside, it's a sad world where using a computer to communicate is somehow a mistake.

I feel it would be quite obvious looking at your device and its lack of data that such a feature was in force and they would just deny you entry. Nice idea but the problems need fixed in law. IMO technical solutions are just temporary bandaids.

I agree that technical solutions are bandaids. However, US citizens can't be denied entry. They can be delayed for a few hours, not longer.

How do you turn a travel mode off? Once border patrol knows this feature exists and how it works, the jig is up. Any expiration/timeout would just cause you to be detained for the duration the travel mode is enabled. A second password to turn it off would just cause that second password to be coerced out of you. Location-based deactivation can be spoofed.

From the fine article:

> To work effectively, a trip mode feature would need to be... irrevocable for an amount of time chosen by the user once it’s set. There’s no sense in having a ‘trip mode’ if the person demanding your password can simply switch it off, or coerce you into switching it off.

US citizens can't be detained indefinitely at the border. The limit is a few hours.

There is no technical solution to this. If you want there to be no searches of your phone when crossing the border, speak to your representative in Congress and your Senator. If they don't listen, then vote for someone else or even better, run yourself.

The only way this is going to change is with a change in the law.

I appreciate the sentiment here and think that tech as an industry could do with a lot more humility about its intersection with public policy. I feel like I know the people involved in this proposal well enough to say that they agree with this as well.

The point of the travel-lock proposal is that it's actually common sense. Everyone should want this feature. It is actually weird that we walk around all the time with unfettered access to decades of personal correspondence and a detailed log of every person we've ever met even fleetingly online. The default should be different: getting access to years-old emails or a photographic memory of every acquaintance you have should be extraordinary.

Airplane mode: from the end of the microwave peril to the era of alternative inspection, in under 10 years.

I feel that all technical modes will fail.

Why?

- We first had PIN numbers. Easily cracked/defeated.

- We then had passwords. Provide them or go back home where you came from.

- We might have travel mode. Defeated or made illegal. Go back home.

I think the only resolution to this is political. Make these searches go away - worldwide - as we near a very bad precedent.

> We need a ‘trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers. Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home.

Border security officer: I see you have trip mode on. Turn it off, and give us the phone, or you're not getting into the country.

Reminds me a little of this: https://xkcd.com/538/

Please read the entire post.

I understand, but their default response for "You've done something to hide information from us" isn't going to be "Oh well, we tried. On your way!"

Yeah, they will send you back where you came from and you will be fucked for life.

If you're referring to a configurable duration: setting an expiration doesn't work either. They'll just detain you for that length of time.

A week? 2? I don't think technology changes are the right approach here, but you wouldn't be setting travel mode for a duration equal to transit time through an airport.




